Engadget RSS Feed (Spyware tag): https://www.engadget.com/tag/Spyware/rss.xml
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics. Copyright 2018 AOL Inc. The contents of this feed are available for non-commercial use only.

https://www.engadget.com/2018/05/19/north-korea-android-malware-targets-defectors/

When Android malware slips into the Google Play Store, it's usually there to push unwanted ads or perpetuate a scam. McAfee researchers, however, have discovered something more sinister. A North Korean group nicknamed Sun Team recently posted three apps in Google Play that were used to target defectors from the authoritarian country. The attackers contacted people through Facebook in bids to have them install seemingly innocuous "unreleased" apps for food and security. When installed, the rogue apps would send contacts, photos and text messages to the intruders using Dropbox and Russia's Yandex to both upload data and send commands.

An advanced type of malware can spy on nearly every Android smartphone function and steal passwords, photos, video, screenshots and data from WhatsApp, Telegram and other apps. "ZooPark" targets subjects in the Middle East and was likely developed by a state actor, according to Kaspersky Lab, which first spotted and identified it.

Lenovo has only just settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and now it seems HP is getting in on the stealth installation action, too. According to numerous reports gathered by Computer World, the brand is deploying a telemetry client on customer computers without asking permission.

Lenovo came under fire a few years ago for pre-installing adware called VisualDiscovery (developed by Superfish) onto new machines. Now that the legal dust has settled, the laptop maker has agreed to pay $3.5 million in fines to a 32-state coalition "to resolve their concerns" related to the nefarious bloatware app. In 2015, the worry was that the software performed a man-in-the-middle attack on supposedly secure connections and could be used to spy on encrypted communications. The company issued a tool for removing the software at the time.

Budget Android phone manufacturer Blu Products has been suspended from selling its handsets on Amazon. Citing "security concerns," the online retail giant is removing Blu models from Amazon.com until the company "resolves the issue," reports CNET. The move comes less than a week after security firm Kryptowire revealed Blu's devices were still covertly sending user data to China.

One of Apple's big talking points is that Macs don't get viruses and that they're relatively safe when compared to Windows PCs. Well, WikiLeaks would like you to reconsider that notion with more info about Vault 7. The organization's latest dump is a handful of documents from the Central Intelligence Agency that detail, among other things, how the agency can infect a MacBook Air during its boot cycle via a modified Thunderbolt-to-Ethernet adapter. With "Sonic Screwdriver," the CIA's monitoring tools are stored on the dongle and the machine can be infected even if it's password-protected. Considering how dongle-dependent the new MacBooks are, this sort of exploit becomes even more worrying.

Surveillance-oriented spyware is dodgy in itself, but it's even worse when it's abused to intimidate political enemies -- just ask Mexican health advocates. The New York Times has learned that someone used commercial spyware from NSO Group to target proponents of Mexico's soda tax, including researchers and activists, right as they were rallying support for doubling the tax. The attackers sent personalized messages that warned of bogus news (say, a daughter's accident) and urged the victims to tap a link. If they did, the hostile code would infect their devices and track everything from messages to location. It'd even quietly record camera footage.

Barnes & Noble introduced the $50 Nook just in time for the holiday shopping season, but it failed to mention one crucial bit of software pre-installed on its 7-inch e-reader: malware. Specifically, the new Nooks came with an ADUPS program that granted a third party full access to all of a device's data plus complete control privileges. This means someone overseas had the ability to collect your personal information and wipe your Nook clean, if it had the ADUPS spyware installed.

Hacking Team has largely stayed under the radar after a gigantic leak exposed its spyware-selling ways, but the company might be on the rebound. Security researchers have noticed that recent Mac malware installs a version of Hacking Team's Remote Code Systems tool from around October, or three months after the outfit was publicly torn apart. There is a chance that a third-party group simply obtained and reworked some of the leaked source code, but clues suggest that this wasn't the work of amateurs.

Want to know why it's important to have checks on mass surveillance programs? Colombia should serve as a good example. Privacy International reports that the country not only collects bulk internet and phone data on a grand scale, but violates the law in the process -- it's supposed to require judicial approval for any surveillance, but regularly ignores that oversight. Colombian agencies have also relied on controversial tools like IMSI catchers (which scoop up nearby cellphone data) and Hacking Team's spyware, and they've sought to expand their powers rather than rein things in.

Forget safeguarding drones against hacks -- if Boeing and Hacking Team have their way, robotic aircraft would dish out a few internet attacks of their own. Email conversations posted on WikiLeaks reveal that the two companies want drones to carry devices that inject spyware into target computers through WiFi networks. If a suspect makes the mistake of using a computer at a coffee shop, the drone could slip in surveillance code from a safe distance.

This year a number of major news stories released information on world governments buying, selling and using surveillance technologies on their citizens. These stories, reports -- and in some cases, hacktivist breaches and data dumps -- have served to verify the acquisition and use of spyware on citizens by dozens of diverse governments around the globe.

We now know that Hacking Team, a company responsible for building some of the more notorious surveillance software in the world, was also doing business with some of the most notorious regimes in the world. How do we know this? Well, a treasure trove of leaked documents found their way online. Thanks, internet! Wondering just what actors the company was working with and how bad they were? Well, we've got a handy breakdown for you below.

Plenty of ink has already been spilled about the Hacking Team's spectacular security meltdown, but why should the press have all the fun? WikiLeaks posted a searchable archive of over a million emails from the Italian IT firm last night, which means armchair sleuths can take a peek into the cloak-and-dagger world of selling spyware to governments with just a few clicks. Now obviously not everything contained in this hefty database is damning; lots of it just chronicles the day-to-day operations of a lucrative business. Every once in a while, you'll find something almost shocking in its mundanity, like this corporate email blast about restaurants in London that wound up in Hacking Team COO Giancarlo Russo's inbox. Still, there are plenty of juicier tidbits waiting for you if you keep a few keywords in mind.

Russian security firm Kaspersky Lab has looked deeper into the malware that attacked its network and found that it used a digital certificate stolen from Foxconn. That's the same Taiwanese company frequently associated with big names in electronics, since its factories manufacture everything from iPhones and iPads to PS4s and Xbox Ones. The malware, known as Duqu 2.0 due to its shared programming with an older spyware called Duqu, also infected the networks of hotels where the UN Security Council held meetings about Iran's nuclear development. Duqu 1.0 and its predecessor, the Stuxnet worm, also redirected traffic through digital certificates stolen from Taiwanese companies, presumably to make it appear like the attacks came from China.

The threat posed by state-sponsored malware might be even larger than first thought. Antivirus developer Kaspersky Lab says it discovered an attack on its network by allegedly government-made spyware that appears to be an upgraded version of Duqu, the Stuxnet-based worm used by Israel and the US to derail Iran's nuclear efforts. This "Duqu 2.0" not only tried to obtain details about Kaspersky's investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.

It shouldn't come as a surprise to hear that the NSA worked on iOS and Android malware meant to capture information from a target's phone, but actually getting the software onto phones? That's tricky. To help solve that problem, the NSA (and the rest of the Five Eyes intelligence community) attempted to hijack data being sent to and from app stores like those run by Samsung and Google. According to a document leaked by Edward Snowden, obtained by The Intercept and published by the CBC, it was mostly in search of a way to implant secret surveillance payloads into those data connections in hopes of identifying an Arab Spring in action in other countries.

Tags: alibaba, android, google, hack, malware, man in the middle, mobile, nsa, samsung, spyware, surveillance. Published Thu, 21 May 2015 11:02:00 -0400.

https://www.engadget.com/2015/04/16/dea-spyware/

The war on drugs has a surprising soldier amongst its ranks: Italian spying software. As Motherboard's sources tell it, the Drug Enforcement Administration has dropped $2.4 million on surveillance tools that are capable of intercepting phone calls, texts and social media messages, and can even take hold of someone's webcam and microphone. Oh, Remote Control System (as it's officially called) can grab passwords, too. Almost sounds like a video game, right? The Hacking Team-developed software (the outfit behind Ethiopian cyberattacks on US journalists) can be installed on the sly and grants access to data that may very well be encrypted or otherwise inaccessible by other means. It comes hot on the heels of news that the DEA has been collecting phone-call metadata for an awful lot longer than the NSA, too. Naturally, no one on either side of the story has been eager to open up to Motherboard, and presumably to journalists in general.

Arkansas' Fort Smith Police Department may be responsible for some particularly sinister digital tricks, if you ask one lawyer. An attorney representing whistleblowers in a police corruption scandal says that the Department sent him a hard drive laden with trojans when he requested documents. Given that the rogue files were found in a folder specific to the court order (that is, they were added after the court order was issued), it looks as if someone in the FSPD wanted to hijack the lawyer's computer and sabotage his case. And that's not the only suspicious behavior, either -- the city reportedly deleted email accounts and messages that it knew it was supposed to keep.

If you think that commercial software designed to spy on computers is problematic, you're not alone. The Organization for Economic Cooperation and Development's UK contact has determined that Gamma International's approach to selling its FinFisher spyware violates human rights guidelines. The developer not only doesn't have a human rights policy, but doesn't investigate clients for the possibility of abuse -- there's little stopping it from selling FinFisher to an oppressive government. The contact couldn't confirm that Gamma sold its software to Bahrain, which used the surveillance tool to target the political activists who prompted the investigation (shown here). However, the OECD isn't shy about pressing for change. It wants Gamma to take evidence of abuse and government advice into account whenever it sells software, and to cooperate when there are signs that someone is using FinFisher for nefarious purposes.

Google's already making sure you don't download malware, and now it's expanding its Safe Browsing initiative. In addition to preventative warnings prior to downloading, the Chrome browser will now throw a red flag (pictured after the break) before visiting a site that may encourage you to install any malicious software. Search listings are getting marks for sites that might contain nefarious programs as well, and Mountain View says that it's actively disabling Google Ads that "lead to sites with unwanted software." The search giant is urging site owners to install its Webmaster Tools to help keep on top of any possible issues with a site pushing bad software to visitors, and says this'll aid with the resolution process should that happen. Again, it's Google working to keep its "don't be evil" reputation in line and making the internet a safer place for everyone. After all, even the most web-savvy among us have probably downloaded malware at some point.

Buy a new Lenovo computer recently? Well, it looks like it could be infected with some factory-installed adware. Users on the official Lenovo forums started noticing that search results were being injected with sponsored links (like what happens when a machine is infected with typical adware or spyware) as far back as last September, and some even report that sites including Kelley Blue Book and JetBlue wouldn't render properly at all. This apparently isn't the only problem, however. As Facebook engineer Mike Shaver recently discovered, the program at fault, Superfish, appears to install a man-in-the-middle certificate that allows outside parties to take a peek at secure websites you might be visiting, too. Like your bank's, for example.

Malware targeting gamers usually tends to revolve around the games themselves, such as fake copies of a hot new shooter or deceptive in-game items. Well, it looks like these attackers are mixing up their strategy: Malwarebytes Labs has found spyware spoofing an in-game voice chat app. At first, it steers you to a fake website offering Razer's Comms software. If you're eager enough to click the Windows download link, you instead get a script that tries to harvest your logins and other sensitive info. A cursory glance suggests that it's (poorly) written by Russian cybercriminals renting their services.

A US District Judge in Virginia has ordered the man responsible for selling and distributing StealthGenie, an application used to spy on people, to pay a $500,000 fine and hand over the software's source code to the authorities. Hammad Akbar, who is originally from Denmark, last week pleaded guilty to the charges of a "sale of an interception device and the advertising of a known interception device," in what the Department of Justice is calling the first-ever criminal conviction of its kind. Akbar admitted that StealthGenie could take on many spying tasks once installed on an iOS, Android or BlackBerry smartphone, such as providing access to email, text messages and pictures, as well as intercepting any incoming and outgoing phone calls.

Want to see a classic example of irony? Head to the US Computer Emergency Readiness Team (CERT) website. The government security group has issued a public warning about Regin... you know, the extra-sophisticated malware that many suspect the US wrote to spy on telecom networks. It's more than a little amusing to see one agency warn about a problem the other may have created, although it raises a few questions when there haven't been similarly direct warnings for (allegedly) state-created attacks like Stuxnet and Duqu. Is it evidence that the US wasn't involved, or that Regin is out of control? An attempt to throw people off the scent? Or something else?